[20366] in bugtraq
Fw: [net-com] Bug in Mirc v5.82
daemon@ATHENA.MIT.EDU (Chris King)
Sun Apr 22 14:05:45 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <001d01c0cb2f$e892a540$0a00a8c0@home>
Date: Sun, 22 Apr 2001 14:26:55 +0100
Reply-To: Chris King <chris@ADMINS.DEVOUR.ORG>
From: Chris King <chris@ADMINS.DEVOUR.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
----- Original Message -----
From: Trax <traxster@atlas.co.uk>
To: opers-xnet <opers@xnet.org>
Cc: net-com-xnet <net-com@xnet.org>
Sent: Sunday, April 22, 2001 1:40 PM
Subject: [net-com] Bug in Mirc v5.82
> There is a bug in mirc v5.82 that allows remote control of clients via
> /quote and /ctcp (not the ctcp *:*:*:* code tho), this is different, it's
> the mirc coder's fault.
>
> Simple solution:
> Downgrade mirc to v5.81 till a fix/new mirc comes out.
>
> Other Solution:
> Put these in your remotes as they are printed here:
>
> ctcp 1:finger:haltdef
> ctcp 1:userinfo:haltdef
> ctcp 1:clientinfo:haltdef
> ctcp 1:ping:haltdef
> ctcp 1:time:haltdef
> ctcp 1:sound:haltdef
> ctcp 1:msg:haltdef
> ctcp 1:/msg:haltdef
>
>
> From my point of view, this *may* screw up your scripts, so the downgrade is
> the easier option.
>
> This hole in mirc enables people to remotely control people using mirc
> v5.82 using /quote and /ctcp. This morning on another network, someone did
> it to an ircop and globaled; if they wanted to, they could have
> killed/akilled people.
>
> So please either ditch Mirc v5.82 or insert the above code.
>
> Laters
> Trax.